#BHUSA: Ransomware Drill Targets Healthcare in Operation 911
Infosecurity Magazine
|
Contributed by: Drex DeFord
Summary
Las Vegas law enforcement, the FBI, and Semperis conducted a ransomware tabletop exercise targeting the healthcare sector at Black Hat USA 2024 to tackle rising threats exemplified by the Change Healthcare attack. This exercise involved a red team launching a ransomware attack against a simulated hospital, Sunshine Healthcare, intending to disrupt patient services to the point of forcing a ransom payment. The scenario illustrated the ease with which attackers exploit vulnerabilities despite healthcare's need for quick yet cautious responses due to patient care priorities. Post-Change Healthcare's attack, United Healthcare paid a $22 million ransom, underscoring the critical negotiations' challenges. Experts emphasize that direct communication with attackers should be avoided, advocating for third-party negotiation assistance to mitigate risks.